Software Defined Radio

Software Defined Radio (SDR) is a versatile technology that allows you to receive and transmit radio signals using a computer and appropriate hardware. With an SDR, you can explore and analyze various RF sources.

Modern Radio Technology

• 1G - first analog mobile communication for calls only
• 2G - text messaging was introduced
• 3G - Mobile data introduced
• 4G - Mobile data focused
• 5G - Improved compression of data than previous
• Zigbee - 900 MHz range radio tech for home automation technology
• LoRaWAN - a low-powered low range tech for IoT applications around 868 - 919 MHz
• SigFox - a French company providing global low-powered wide-range area LPWAN for IoT applications - sub-GHz ISM bands
• WiFi HaLow for IoT - sub-1 GHz, narrow band of OFDM channels - long range (approx 1km), penetrates walls, supports coin cell devices for months/years,
• NBIoT - Narrow Band IoT - sub-GHz bands - long -range low powered communications,

Free ISM Sub-GHz bands around the world

Various RF device traffic

• Restaurant Pagers
• RDS TMC (Radio Data Service Traffic Message Channel)
• Primary Surveillance RADAR (airports)
• RFID
• Space probes, satellites (ISEE-3)
  • Gpredict is a realtime satellite tracker application
• Wireless Keyboards/Mice: Many wireless keyboards and mice use RF signals to communicate with their respective receivers. By using SDR, you can intercept and analyze these signals, potentially identifying security vulnerabilities or even eavesdropping on keystrokes.
• Vehicle Remote Key Fobs: Car key fobs often use RF signals for remote locking/unlocking and starting the vehicle. SDR can be used to capture and analyze these signals, potentially reverse-engineering the protocol used for unauthorized access or cloning attacks.
• Garage Door Openers: Similar to vehicle key fobs, garage door openers utilize RF signals for remote control. By capturing and analyzing these signals, an attacker could potentially gain unauthorized access to garages or homes.
• Wireless Alarms/Security Systems: Some wireless alarm systems use RF communication for sensors, motion detectors, or entry point alerts. An ethical hacker could analyze these signals to identify potential vulnerabilities in the system's encryption or attempt to bypass them.
• Cordless Phones: Older cordless phones often operate on specific frequencies using analog RF transmission. By capturing these signals with SDR, one could intercept conversations or even perform attacks like replaying recorded conversations.
• Baby Monitors: Many baby monitors operate on wireless frequencies using RF transmissions. By capturing these signals with SDR, an attacker could listen in on private conversations or potentially compromise the security of the device itself.
• IoT Devices: Various Internet of Things (IoT) devices communicate wirelessly using RF transmissions such as smart home devices (e.g., smart plugs, thermostats), wearable devices (e.g., fitness trackers), or even medical devices (e.g., wireless pacemakers). SDR can be used to analyze the RF communication between these devices, identifying potential security flaws or vulnerabilities.

Radio Frequencies

Software

• SDR++ (Windows, macOS, Linux) manual
  • Building and Installing on MacOS
• CubicSDR (Windows, MacOS, Linux)
• GQRX (MacOS, Linux)
• LocalRadio (MacOS)
• DragonOS_Focal is a Lubuntu Linux distro curated with dozens of software tools - Download here
• GQRX
• GNU Radio
• GNU Radio Mode-S/ADS-B implementation of mode S transponder signals (aircraft transponder signals)
• QSpectrumAnalyzer
• SDR# (windows only)
• SDR Console
• Spectrum Analyzer GUI for hackrf_sweep for Windows
• Universal Radio Hacker (win/linux) video
• Web-based APRS tracker
• HDSDR (Windows)

List of software

Tutorials and Reference

• Hacking in Radio Frequencies
• You can ring my bell - adventures in sub-ghz RF land
• sdr-radio.com

Software Defined Radios

• RTL-SDR v3 ($43 as a kit or $33 for just the USB dongle)
  • Quick Start Guide
  • Datasheet
• List of SDRs (Wikipedia)
• Flipper Zero - a radio multitool for recording and playback of signals (sub-GHz, infrared, RFID, NFC) for device communication
• HackRF One $339
• Ubertooth One
• Hacker Warehouse wireless tools

Chips

• CC1101 - sub-GHz transciever used in Flipper Zero, Arduino, Raspberry Pi, etc.
• Semtech SX1276 - another chip said to be better than the CC1101
  

Antennas

• Beginners Antenna Guide
• Antenna basics for SDR beginners (video)
• Dipole - Dipole Length Calculator
  • RTL kit Dipole

Software Tutorials

• GNU Radio Beginners Tutorial

Signals

Signal Identification Guide (Sigidwiki)

• POCSAG pager signals
  • PDW (Windows) video
  • gr-pocsag-decoder a GNU Radio component
• Satellites

SDR on the web:

• KiwiSDR SDR database

Amateur Radio License

See Amateur Radio